Bug 1379792
Summary: | tor.service won't start | | |
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Lokesh Mandvekar <lsm5> |
Component: | tor | Assignee: | Nobody's working on this, feel free to take it <nobody> |
Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Priority: | unspecified |
Version: | rawhide | CC: | lsm5, misc, pwouters, s |
Hardware: | Unspecified | OS: | Unspecified |
Last Closed: | 2016-10-04 07:19:26 UTC | Type: | Bug |
Description
Lokesh Mandvekar
2016-09-27 16:43:31 UTC
I don't see the original issue anymore, rather now I see this:

Sep 29 09:54:52 naruto audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=tor comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 29 09:54:52 naruto audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=tor comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Sep 29 09:54:52 naruto systemd[1]: Starting Anonymizing overlay network for TCP...
-- Subject: Unit tor.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit tor.service has begun starting up.
Sep 29 09:54:52 naruto systemd[28129]: tor.service: Failed at step NAMESPACE spawning /usr/bin/tor: No such file or directory
-- Subject: Process /usr/bin/tor could not be executed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- The process /usr/bin/tor could not be executed and failed.
--
-- The error number returned by this process is 2.
Sep 29 09:54:52 naruto systemd[1]: tor.service: Control process exited, code=exited status=226
Sep 29 09:54:52 naruto systemd[1]: Failed to start Anonymizing overlay network for TCP.
-- Subject: Unit tor.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit tor.service has failed.
--
-- The result is failed.
Sep 29 09:54:52 naruto systemd[1]: tor.service: Unit entered failed state.
Sep 29 09:54:52 naruto audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=tor comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Sep 29 09:54:52 naruto systemd[1]: tor.service: Failed with result 'exit-code'.
$ which tor
/usr/bin/tor

This looks related to https://bugzilla.redhat.com/show_bug.cgi?id=1368621 , does it work if you put selinux in permissive, or does the AVC match the one reported in the bug (and those on https://bugzilla.redhat.com/show_bug.cgi?id=1357395 )?

Hi Michael, no joy with setenforce 0. I still see the same error. Also, mounton access was denied to /run/tor up until Sept 23, and on Sept 27 it changed to /var/lib/tor. See:

time->Fri Sep 23 14:22:48 2016
type=AVC msg=audit(1474658568.558:98): avc: denied { mounton } for pid=986 comm="(tor)" path="/run/tor" dev="tmpfs" ino=18911 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tor_var_run_t:s0 tclass=dir permissive=0
----
time->Fri Sep 23 14:23:50 2016
type=AVC msg=audit(1474658630.268:156): avc: denied { mounton } for pid=1504 comm="(tor)" path="/run/tor" dev="tmpfs" ino=18911 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tor_var_run_t:s0 tclass=dir permissive=0
----
time->Fri Sep 23 14:23:50 2016
type=AVC msg=audit(1474658630.368:157): avc: denied { mounton } for pid=1508 comm="(tor)" path="/run/tor" dev="tmpfs" ino=18911 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tor_var_run_t:s0 tclass=dir permissive=0
----
time->Tue Sep 27 10:47:56 2016
type=AVC msg=audit(1474991276.438:86): avc: denied { mounton } for pid=946 comm="(tor)" path="/var/lib/tor" dev="dm-4" ino=1311336 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tor_var_lib_t:s0 tclass=dir permissive=0
----
time->Tue Sep 27 10:47:56 2016
type=AVC msg=audit(1474991276.672:96): avc: denied { mounton } for pid=996 comm="(tor)" path="/var/lib/tor" dev="dm-4" ino=1311336 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tor_var_lib_t:s0 tclass=dir permissive=0
----
time->Tue Sep 27 10:47:58 2016
type=AVC msg=audit(1474991278.081:133): avc: denied { mounton } for pid=1061 comm="(tor)" path="/var/lib/tor" dev="dm-4" ino=1311336 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tor_var_lib_t:s0 tclass=dir permissive=0

Can you give the tor log when selinux is in permissive?

So rawhide now has 0.2.8.8-1 and with that tor works in permissive mode, but in enforcing mode, I see this now:

Oct 03 22:11:48 naruto audit[2017]: AVC avc: denied { mounton } for pid=2017 comm="(tor)" path="/var/lib/tor" dev="dm-4" ino=1311822 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tor_var_lib_t:s0 tclass=dir permissive=0
Oct 03 22:11:48 naruto tor[2017]: Oct 03 22:11:48.326 [notice] Tor v0.2.8.8 running on Linux with Libevent 2.0.22-stable, OpenSSL 1.0.2j-fips and Zlib 1.2.8.
Oct 03 22:11:48 naruto tor[2017]: Oct 03 22:11:48.326 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Oct 03 22:11:48 naruto tor[2017]: Oct 03 22:11:48.326 [notice] Read configuration file "/usr/share/tor/defaults-torrc".
Oct 03 22:11:48 naruto tor[2017]: Oct 03 22:11:48.326 [notice] Read configuration file "/etc/tor/torrc".
Oct 03 22:11:48 naruto tor[2017]: Oct 03 22:11:48.329 [notice] Based on detected system memory, MaxMemInQueues is set to 5726 MB. You can override this by setting MaxMemInQueues by hand.
Oct 03 22:11:48 naruto tor[2017]: Oct 03 22:11:48.330 [warn] Unable to make /var/lib/tor group-readable: Read-only file system
Oct 03 22:11:48 naruto tor[2017]: Configuration was valid
Oct 03 22:11:48 naruto audit[2019]: AVC avc: denied { mounton } for pid=2019 comm="(tor)" path="/var/lib/tor" dev="dm-4" ino=1311822 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tor_var_lib_t:s0 tclass=dir permissive=0
Oct 03 22:11:48 naruto tor[2019]: Oct 03 22:11:48.414 [notice] Tor v0.2.8.8 running on Linux with Libevent 2.0.22-stable, OpenSSL 1.0.2j-fips and Zlib 1.2.8.
Oct 03 22:11:48 naruto tor[2019]: Oct 03 22:11:48.414 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Oct 03 22:11:48 naruto tor[2019]: Oct 03 22:11:48.414 [notice] Read configuration file "/usr/share/tor/defaults-torrc".
Oct 03 22:11:48 naruto tor[2019]: Oct 03 22:11:48.415 [notice] Read configuration file "/etc/tor/torrc".
Oct 03 22:11:48 naruto tor[2019]: Oct 03 22:11:48.417 [notice] Based on detected system memory, MaxMemInQueues is set to 5726 MB. You can override this by setting MaxMemInQueues by hand.
Oct 03 22:11:48 naruto tor[2019]: Oct 03 22:11:48.417 [notice] Opening Socks listener on 127.0.0.1:9050
Oct 03 22:11:48 naruto tor[2019]: Oct 03 22:11:48.417 [notice] Opening DNS listener on 127.0.0.1:53
Oct 03 22:11:48 naruto tor[2019]: Oct 03 22:11:48.417 [notice] Opening OR listener on 0.0.0.0:9001
Oct 03 22:11:48 naruto tor[2019]: Oct 03 22:11:48.418 [warn] Unable to make /var/lib/tor group-readable: Read-only file system
Oct 03 22:11:48 naruto Tor[2019]: OpenSSL version from headers does not match the version we're running with. If you get weird crashes, that might be why. (Compiled with 100020af: OpenSSL 1.0.2j 26 Sep 2016; running with 100020af: OpenSSL 1.0.2j-fips 26 Sep 2016).
Oct 03 22:11:48 naruto Tor[2019]: Tor v0.2.8.8 running on Linux with Libevent 2.0.22-stable, OpenSSL 1.0.2j-fips and Zlib 1.2.8.
Oct 03 22:11:48 naruto Tor[2019]: Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Oct 03 22:11:48 naruto Tor[2019]: Read configuration file "/usr/share/tor/defaults-torrc".
Oct 03 22:11:48 naruto Tor[2019]: Read configuration file "/etc/tor/torrc".
Oct 03 22:11:48 naruto Tor[2019]: Based on detected system memory, MaxMemInQueues is set to 5726 MB. You can override this by setting MaxMemInQueues by hand.
Oct 03 22:11:48 naruto Tor[2019]: Opening Socks listener on 127.0.0.1:9050
Oct 03 22:11:48 naruto Tor[2019]: Opening DNS listener on 127.0.0.1:53
Oct 03 22:11:48 naruto Tor[2019]: Opening OR listener on 0.0.0.0:9001
Oct 03 22:11:48 naruto Tor[2019]: Unable to make /var/lib/tor group-readable: Read-only file system
Oct 03 22:11:48 naruto Tor[2019]: Couldn't open "/var/lib/tor/lock" for locking: Read-only file system
Oct 03 22:11:48 naruto Tor[2019]: set_options(): Bug: Acting on config options left us in a broken state. Dying. (on Tor 0.2.8.8 )
Oct 03 22:11:48 naruto systemd[1]: tor.service: Main process exited, code=exited, status=1/FAILURE
Oct 03 22:11:48 naruto systemd[1]: Failed to start Anonymizing overlay network for TCP.
-- Subject: Unit tor.service has failed

Ok so the selinux are definitely a duplicate of 1357395

*** This bug has been marked as a duplicate of bug 1357395 ***
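
The comparison made by hand in the comments above (which path the `mounton` denial hit on which day) can be scripted. The following is an added example, not part of the original report: it groups AVC denials from ausearch-style or journal-style lines by source type, target type, class, permission and path. The names `summarize_avc` and `SAMPLE` are illustrative, and the sample records are constructed, modelled on the ones in this report.

```python
import re
from collections import OrderedDict
from datetime import datetime, timezone

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
STAMP_RE = re.compile(r"audit\((\d+)\.\d+:\d+\)")

# Constructed sample modelled on the report: ausearch-style records for two
# paths, plus one journal-style record that carries no audit() timestamp.
BODY = ('avc: denied {{ mounton }} for pid=986 comm="(tor)" path="{path}" '
        'scontext=system_u:system_r:init_t:s0 '
        'tcontext=system_u:object_r:{ttype}:s0 tclass=dir permissive=0')
def _rec(prefix, path, ttype):
    return prefix + BODY.format(path=path, ttype=ttype)
SAMPLE = "\n".join([
    _rec("type=AVC msg=audit(1474658568.558:98): ", "/run/tor", "tor_var_run_t"),
    _rec("type=AVC msg=audit(1474658630.268:156): ", "/run/tor", "tor_var_run_t"),
    _rec("type=AVC msg=audit(1474991276.438:86): ", "/var/lib/tor", "tor_var_lib_t"),
    _rec("type=AVC msg=audit(1474991276.672:96): ", "/var/lib/tor", "tor_var_lib_t"),
    _rec("Oct 03 22:11:48 naruto audit[2017]: AVC ", "/var/lib/tor", "tor_var_lib_t"),
])

def summarize_avc(text):
    """Group denials by (source type, target type, class, perms, path)."""
    groups = OrderedDict()
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        f = {k: v.strip('"') for k, v in KV_RE.findall(m.group(2))}
        if "scontext" not in f or "tcontext" not in f:
            continue  # truncated record, nothing to group on
        key = (f["scontext"].split(":")[2], f["tcontext"].split(":")[2],
               f.get("tclass"), tuple(m.group(1).split()), f.get("path"))
        g = groups.setdefault(
            key, {"count": 0, "first": None, "last": None, "enforced": False})
        g["count"] += 1
        g["enforced"] |= f.get("permissive") == "0"
        stamp = STAMP_RE.search(line)
        if stamp:  # journal-style lines have no epoch stamp; count them only
            day = datetime.fromtimestamp(
                int(stamp.group(1)), timezone.utc).date().isoformat()
            g["first"] = min(g["first"] or day, day)
            g["last"] = max(g["last"] or day, day)
    return groups

if __name__ == "__main__":
    for key, g in summarize_avc(SAMPLE).items():
        print(key, g)
```

Dates are derived from the epoch in `audit(...)` and reported in UTC, so they can differ by a day from the local `time->` header that ausearch prints.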